1) Main concepts and components

2) Authentication mechanisms:

▸ Clients: OAuth - SAML - CAS - OpenID Connect - HTTP - OpenID - Google App Engine - Kerberos (SPNEGO)

▸ Authenticators: LDAP - SQL - JWT - MongoDB - CouchDB - IP address - REST API

3) Authorization mechanisms: Authorizers

▸ Roles/permissions - Anonymous/remember-me/(fully) authenticated - Profile type, attribute

▸ CSRF - IP address, HTTP method

4) Matchers

5) Security configuration

6) User profile

7) SessionStore and Store

8) Release notes - Backward compatibility

9) Authentication flows - Big picture

10) Customizations

11) Third-party extensions

12) Javadoc